Automate scanner start and stop using AWS Lambda

This document will walk you through the steps to automate the start and stop of Qualys scanners deployed in AWS using a Lambda function.

Scenario:

If your EC2 scans are restricted to maintenance windows, you'll need to manually start and stop the scanner. Using a Lambda function, it is possible to automate this: the scanner will automatically start when your maintenance window begins and automatically stop when your maintenance window ends.

In this example, let's assume 00:00 GMT as the start time and 08:00 GMT as the end time of the maintenance window.

In this example, I've assumed the maintenance window starts at 00:00 GMT each day. Ideally, you want to start the scanner a few minutes before your scan start time, so that it has enough time to sync up with the Qualys cloud platform.

Add the start Lambda function as the target

Name your rule and save.

6. Create a CloudWatch rule to trigger the Lambda function to stop the scanner

Navigate to CloudWatch > Events > Rules > Create rule

Event Source: Schedule > Cron expression

Specify a Cron expression that matches the stop time of your maintenance window.

In this example, I've assumed the maintenance window ends at 08:00 GMT each day.

Add the stop Lambda function as the target

Name your rule and save.

Now the CloudWatch event rules will automatically start and stop your scanner(s) at the configured times.
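The procedure above wires two scheduled CloudWatch rules to two Lambda functions. The following Python is an added example, not Qualys' code and not the page's own function: a single handler that starts or stops every EC2 instance carrying an assumed `QualysScanner=true` tag, depending on an `action` field the rule passes as constant input, plus a helper that derives the two cron expressions (the start rule fires a few minutes before the window opens, matching the sync-up advice above). The `FakeEC2` class is a constructed stand-in for the boto3 client so the module runs offline; in Lambda, `ec2` is left as `None` and a real client is created.

```python
"""Start/stop tagged Qualys scanner appliances from one Lambda handler (added example)."""
from datetime import datetime, timedelta

# Assumed tagging convention for this example; not a Qualys-defined tag.
SCANNER_TAG_KEY = "QualysScanner"
SCANNER_TAG_VALUE = "true"


def schedule_expressions(window_start, window_end, lead_minutes=5):
    """Return the CloudWatch cron expressions for the start and stop rules.

    Times are "HH:MM" in UTC (CloudWatch evaluates schedules in UTC/GMT).
    Format: cron(minutes hours day-of-month month day-of-week year).
    The start rule fires lead_minutes early so the appliance can register
    with the Qualys cloud platform before the first scan launches.
    """
    start = datetime.strptime(window_start, "%H:%M") - timedelta(minutes=lead_minutes)
    end = datetime.strptime(window_end, "%H:%M")
    return {
        "start": f"cron({start.minute} {start.hour} * * ? *)",
        "stop": f"cron({end.minute} {end.hour} * * ? *)",
    }


def scanner_instance_ids(ec2, states):
    """List instance IDs that carry the scanner tag and are in one of `states`."""
    resp = ec2.describe_instances(Filters=[
        {"Name": f"tag:{SCANNER_TAG_KEY}", "Values": [SCANNER_TAG_VALUE]},
        {"Name": "instance-state-name", "Values": states},
    ])
    return [inst["InstanceId"]
            for res in resp["Reservations"]
            for inst in res["Instances"]]


def lambda_handler(event, context=None, ec2=None):
    """Entry point. `event` is the rule's constant input: {"action": "start"|"stop"}."""
    action = event.get("action")
    if action not in ("start", "stop"):
        raise ValueError(f"unsupported action: {action!r}")
    if ec2 is None:
        import boto3  # imported lazily so the module loads without boto3 locally
        ec2 = boto3.client("ec2")
    if action == "start":
        ids = scanner_instance_ids(ec2, ["stopped"])
        if ids:
            ec2.start_instances(InstanceIds=ids)
    else:
        ids = scanner_instance_ids(ec2, ["running", "pending"])
        if ids:
            ec2.stop_instances(InstanceIds=ids)
    # The return value is written to the invocation's CloudWatch log entry,
    # which is what the Verification step below inspects.
    return {"action": action, "instances": ids}


class FakeEC2:
    """Constructed in-memory stand-in for boto3's EC2 client (offline demo only)."""

    def __init__(self, instances):
        # instances: {instance_id: {"state": "...", "tags": {key: value}}}
        self.instances = instances

    def describe_instances(self, Filters):
        wanted = {f["Name"]: set(f["Values"]) for f in Filters}
        matches = []
        for iid, inst in self.instances.items():
            if inst["state"] not in wanted.get("instance-state-name", {inst["state"]}):
                continue
            if all(inst["tags"].get(name[len("tag:"):]) in values
                   for name, values in wanted.items() if name.startswith("tag:")):
                matches.append({"InstanceId": iid})
        return {"Reservations": [{"Instances": matches}]}

    def start_instances(self, InstanceIds):
        for iid in InstanceIds:
            self.instances[iid]["state"] = "running"

    def stop_instances(self, InstanceIds):
        for iid in InstanceIds:
            self.instances[iid]["state"] = "stopped"


if __name__ == "__main__":
    print(schedule_expressions("00:00", "08:00"))  # constructed window from the text
    fleet = FakeEC2({
        "i-0scanner001": {"state": "stopped", "tags": {SCANNER_TAG_KEY: "true"}},
        "i-0webserver1": {"state": "stopped", "tags": {}},
    })
    print(lambda_handler({"action": "start"}, ec2=fleet))
    print(lambda_handler({"action": "stop"}, ec2=fleet))
```

Filtering on the tag plus the current state means the stop rule never touches an untagged workload, and a start rule that fires while the appliance is already running is a no-op rather than an error. Give the function's execution role only `ec2:DescribeInstances`, `ec2:StartInstances` and `ec2:StopInstances`, ideally with a resource tag condition on the latter two, so a misconfigured event input cannot stop anything other than the scanners.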

Verification:

The CloudWatch logs will contain event details of each trigger of the Lambda function.